ABSTRACT OF THE DISCLOSURE 


A system and method for ensuring that machines having invalid or corrupt states are restricted 
from accessing network resources are provided. A quarantine server located on a trusted 
machine in a network provides a bill of health to a quarantine agent located on a client 
computer that wishes to gain access to network resources administered by an organization. 
The quarantine agent requests a bill of health from the quarantine server, and receives a 
manifest of checks that the client computer must perform. The quarantine agent then sends a 
status report on the checks back to the quarantine server. If the client computer is in a valid 
security state, the bill of health is issued to the client. If the client computer is in an invalid 
state, the client is directed to install the appropriate software/patches to achieve a valid state. 
When a client requests the use of network resources from a network administrator, the 
network administrator requests the client's bill of health. If the bill of health is valid, the 
client is admitted to the network. If the bill of health is invalid, or if the client does not have a 
quarantine agent, the client is placed in quarantine, in which the only network resources 
accessible to the client are those necessary to install the quarantine agent and requisite 
software/patches to achieve a valid state. 
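
The exchange described in the abstract, sketched as an added example that is not code from the disclosure. The check names, message fields, the HMAC-signed bill of health with an expiry time, and the key shared by the quarantine server and the network administrator are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumptions (not from the abstract): check names, message fields, the
# HMAC-signed bill of health, and the key shared by server and administrator.
SERVER_KEY = b"constructed-demo-key"
MANIFEST = ["firewall_enabled", "av_signatures_current", "os_patches_installed"]


def _sign(body: dict) -> bytes:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()


def server_evaluate(client_id: str, status_report: dict, now: int, ttl: int = 3600) -> dict:
    """Quarantine server: issue a bill of health, or list what must be remediated."""
    failed = [c for c in MANIFEST if status_report.get(c) is not True]
    if failed:
        return {"bill_of_health": None, "remediate": failed}
    body = {"client": client_id, "checks": MANIFEST, "expires": now + ttl}
    return {"bill_of_health": {"body": body, "sig": _sign(body).decode()}, "remediate": []}


def admit(client_id: str, bill, now: int) -> str:
    """Network administrator: admit only on a valid, unexpired bill for this client."""
    if not isinstance(bill, dict) or not isinstance(bill.get("body"), dict):
        return "quarantine"  # no quarantine agent, or no bill presented
    body = bill["body"]
    if not hmac.compare_digest(_sign(body), str(bill.get("sig", "")).encode()):
        return "quarantine"  # forged or altered bill
    if body.get("client") != client_id or body.get("expires", 0) <= now:
        return "quarantine"  # bill issued to another client, or stale
    return "admit"


def agent_join(client_id: str, local_state: dict, now: int) -> tuple:
    """Quarantine agent: run the manifest, report status, present the result."""
    report = {check: local_state.get(check, False) for check in MANIFEST}
    reply = server_evaluate(client_id, report, now)
    return admit(client_id, reply["bill_of_health"], now), reply["remediate"]
```

A client with no bill, an expired bill, a bill issued to another client, or a bill whose body was altered after signing all end up in quarantine, which is the default the abstract describes.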


